Privacy e Cookie Policy

Pursuant to the provisions contained in Legislative Decree. no. 196/2003 (Privacy Code) and the New European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and rules on the free movement of such data (general data protection regulation – gdpr)

As required by the General Data Protection Regulation of the European Union (GDPR 2016/679, Article 13), before proceeding with the processing, the Data Subject (user of the website www.maurobandinelli.it) is informed that the personal data collected through the site are subject to processing by the Company by means of computer and/or telematic tools, for the purposes and in the manner indicated in this statement, ensuring their security and confidentiality.

Therefore, users are asked to read this information carefully as it describes the management of the site in relation to the processing of personal data of users who consult it.

To this end the interested party is subject to the Privacy Policy prepared by Arte Orafa di Mauro Bandinelli creator and promoter of the activities available on the site: www.maurobandinelli.it

For the purposes of this regulation, art. 4 provides among the various definitions what is meant by:

  • Personal data: personal data is any information concerning an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of his/her physical, physiological, genetic, psychic, economic, cultural or social identity;
  • Processing: processing is any operation or set of operations, whether or not by automated means, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.

Holder of the treatment

The Data Controller is Arte Orafa di Bandinelli Mauro with registered office in Strada in Chianti (FI) at Via Giuseppe Mazzini, 3/A VAT number: 03977540487.
The Company has identified a Data Protection Officer pursuant to Articles 37 et seq. of European Regulation 2016/679, which is identified in Mauro Bandinelli.
This person may be contacted for clarifications and questions concerning the processing of personal data at: info@maurobandinelli.it

Arte Orafa di Mauro Bandinelli has as its only link besides the website www.maurobandinelli.it the facebook page Mauro Bandinelli Maestro Orafo.

Purposes of the treatment

Pursuant to art. 5 of Regulation 679/2016, personal data must be processed lawfully, correctly and transparently towards the interested party for the principles of lawfulness, fairness and transparency.

The data must be collected for specified, explicit and legitimate purposes, and subsequently processed in a way that is not incompatible with these purposes and must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed for the so-called minimization of data.

Finally, for the principle of accuracy, personal data must be accurate and, if necessary, updated and all reasonable measures must be taken to delete or rectify data inaccurate with respect to the purposes for which they are processed.

Personal data subject to processing are collected by Arte Orafa di Bandinelli Mauro or by third parties authorized by the latter for the management of contractual relations with customers and for the related legal obligations.

The site www.maurobandinelli.it requires the user to enter their personal data when the user intends to register on the site in order to collect and process such data allowing the user to start browsing the site.

Treatment modalities

Pursuant to art. 12 of the aforementioned Regulation Transparent information, communications and methods for exercising the rights of the data subject: “The data controller shall take appropriate measures to provide the data subject with all the information referred to in Articles 13 and 14 and the communications referred to in Articles 15 to 22 andarticle 34 relating to the processing in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular in the case of information specifically intended for children. The information shall be provided in writing or by other means, including, where appropriate, by electronic means. If requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.”

The processing of personal data is carried out by the Owner in accordance with the provisions of current legislation on Privacy. The Owner carries out the treatment of personal data through computer and/or telematic instruments aimed at the pursuit of the purposes indicated in this informative report.

Site registration

If the user decides to register to the site, only after giving his consent, the personal data entered will be processed by the owner of the treatment for the purposes of registration.

More specifically, once entered the name, surname, e-mail address and password access, the user will have access to a personal area, where he can proceed to his purchases by saving them in the cart, proceed to purchase, check the status of his orders and shipments, change personal settings and update your account.

The provision of personal data and consent to their treatment is mandatory, in case of failure to provide consent the owner of the treatment will not allow registration to the site www.maurobandinelli.it and therefore the user can not have access to your personal area, proceed to his purchases by saving them in the cart, proceed to purchase, check the status of your orders and shipments, change your personal settings and update your account.

Online purchases

The personal data provided will be used for the establishment, management, execution and / or conclusion of the contract of sale online. The data provided will be processed by the Data Controller for the purpose of managing the purchase order.

If payment is made by credit card, will be required the information necessary to complete the transaction such as the holder of the credit card, credit card number / debit, expiration date, security code.

Such information will be processed by Stripe Bank. This information will never be displayed or stored by the seller Arte Orafa di Bandinelli Mauro.

The provision of personal data and consent to their treatment is mandatory, any failure to provide consent makes it impossible to proceed with the establishment, management, execution and / or conclusion of the contract of sale online.

Data retention

Pursuant to paragraph 3 of Article 5 of the European Regulation: “personal data must be kept in a form which permits identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed; personal data may be kept for longer periods provided that they are processed solely for archiving in the public interest, scientific or historical research or statistical purposes in accordance with Article 89 paragraph 1, without prejudice to the implementation of appropriate technical and organizational measures required by this Regulation to protect the rights and freedoms of the data subject (“storage limitation”)”

Therefore, personal data will be stored for a period of time not exceeding the achievement of the purposes for which they are collected and processed, and in any case, in accordance with the legal provisions provided. In addition, the Company undertakes to periodically verify that the interest of the user to which they refer persists.

The data collected will not be disclosed and communicated to third parties without the express consent of the user, but in special cases some data processing may be carried out by third parties that the Owner may use in the management of the contractual relationship, the provision of services offered such as: couriers, shipping companies, suppliers, banks.

The list of these third parties may be requested from the Data Controller by sending a request to the following e-mail address: info@maurobandinelli.it

The management and storage of personal data acquired will take place in archives or on servers located within the European Union owned by the owner and / or any third party companies appointed by the owner and, however, currently located in Italy.

Rights of the interested parties

The rights of the interested parties are dealt with in the General Data Protection Regulation in articles 15 to 21, and we invite users to read the full text of the aforementioned Regulation

Art. 15 paragraph 1 “the right of access of the interested party”.

The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed, and if so, to obtain access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients from third countries or international organizations; when possible, the expected period of storage of the personal data or, if this is not possible, the criteria used to determine this period; the existence of the data subject’s right to request from the data controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing; the right to lodge a complaint with a supervisory authority; where the data are not collected from the data subject, all available information about their source; the existence of automated decision-making, including profiling as referred to in Article 22(1) and (4), and, at least in such cases, meaningful information about the logic used, as well as the importance and expected consequences of such processing for the data subject.

Art. 16 “Right of rectification”.

The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the treatment, the person concerned has the right to obtain the integration of incomplete personal data, including by providing an additional statement.

Art. 17 paragraph 1 “right to cancellation”.

The data subject has the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller is obliged to erase the personal data without undue delay if any of the following reasons apply:

  • a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • b) the data subject withdraws the consent on which the processing is based in accordance with point (a) of Article 6(1) or point or point (a) of Article 9(2) and if there is no other legal basis for the processing;
  • c) the data subject objects to the processing pursuant to Article 21(1) and there is no overriding legitimate ground for processing, or objects to the processing pursuant to Article 21(2);
  • d) the personal data have been unlawfully processed;
  • e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
  • f) the personal data have been collected in connection with the provision of information society services referred to in Article 8(1).

Art. 18 “Right to restriction of processing”.

The data subject shall have the right to obtain from the data controller the restriction of processing when any of the following applies:

  • a) the data subject disputes the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of such personal data;
  • b) the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that their use be restricted
  • c) although the data controller no longer needs the personal data for processing purposes, the personal data are necessary for the establishment, exercise or defence of legal claims by the data subject
  • d) the data subject has objected to the processing pursuant to Article 21(1), pending verification as to whether the legitimate grounds of the data controller override those of the data subject.
  • Where processing is restricted pursuant to paragraph 1, such personal data shall, except for storage, only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.
  • A data subject who has obtained a restriction of processing pursuant to paragraph 1 shall be informed by the data controller before such restriction is lifted.

Article 19 “Obligation to notify in case of rectification or erasure of personal data or restriction of processing”.

The controller shall notify each of the recipients to whom the personal data have been transmitted of any rectification or erasure or restriction of processing carried out pursuant to Article 16, Article 17(1) and Article 18, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject of such recipients if the data subject so requests.

Article 20 “Right to data portability”.

  • The data subject shall have the right to receive in a structured, commonly used and machine-readable format personal data concerning him or her that he or she has provided to a data controller, and shall have the right to transmit such data to another data controller without hindrance from the data controller to whom he or she has provided it where:
  • a) the processing is based on consent pursuant to Article 6(1) a), or Article 9(2) (a) or on a contract pursuant to Article 6(1) (b); and (b) the processing is carried out by automated means.
  • When exercising his or her rights in relation to data portability pursuant to paragraph 1, the data subject shall have the right to obtain the direct transmission of personal data from one controller to another, where technically feasible.
  • The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
  • The right referred to in paragraph 1 must not infringe the rights and freedoms of others.

Art. 21 paragraph 1 right to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1) (e) or (f), including profiling on the basis of these provisions. The controller shall refrain from further processing the personal data unless the controller demonstrates compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Art. 77 “right to lodge a complaint with the supervisory authority”.

Without prejudice to any other administrative or judicial remedy, a data subject who considers that processing relating to him or her is in breach of this Regulation shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he or she is habitually resident or works or in the place where the alleged breach has occurred.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status or outcome of the complaint, including the possibility of a judicial remedy under Article 78.

Therefore, the user may file a complaint with the supervisory authority pursuant to Article 77, file a judicial appeal pursuant to Article 78, and/or file an effective judicial appeal against the controller or processor pursuant to and in accordance with Article 79 79.

The user can make requests regarding the exercise of these rights by contacting: info@maurobandinelli.it

Responsibility of the owner

Pursuant to Art. 24, paragraph 1 the data controller shall, taking into account the nature, scope, context and purposes of the processing, as well as risks to the rights and freedoms of natural persons which are of varying probability and gravity, implement appropriate technical and organizational measures to ensure, and be able to demonstrate, that the processing is carried out in accordance with this Regulation. Such measures shall be reviewed and updated as necessary.

“Processing security”

Pursuant to and for the purposes of Art. 32 governing security of processing Arte Orafa di Bandinelli Mauro has adopted adequate technical and organizational measures to ensure a level of security appropriate to the risk.

In assessing the appropriate level of security, special account is taken of the risks presented by the processing which arise in particular from the destruction, loss, modification, unauthorized disclosure of or access, whether accidental or unlawful, to personal data transmitted, stored or otherwise processed.

However, the Company cannot guarantee its users that these security measures exclude any risk of unauthorized access or dispersion of personal data, so the user is invited to ensure that their computer system is equipped with appropriate security devices for the protection of their electronic communications such as updated antivirus.

Changes to this Privacy Policy

The owner of the treatment reserves the right to make changes to this information at any time by advertising to users on the site www.maurobandinelli.it. To this end, the date of the last update is shown below.

Strada in Chianti, 01/01/2021